Are VPNs able to decrypt SSL traffic originating from my use of services such as Gmail, Dropbox and Skype, Google Talk and HTTPS-enabled websites? I'm asking because I always turn off these and other services before activating a VPN and I'd like to know if it's necessary at all.

3 Answers
3

VPNs are not able to decrypt SSL/TLS traffic between the user and sites accessed through the VPN. But since the VPN has access to the SSL/TLS encrypted content it is a position to mount a man-in-the-middle attack. Most man-in-the-middle attacks can be detected by carefully checking the sites' certificates, but every once in a while there's a new attack that even the most vigilant user won't be able to detect. For example, certificate authority Trustwave (at least) once issued a certificate to a company which allowed that company to perform undetectable man-in-the-middle attacks on any SSL communication going through that company (http://www.h-online.com/security/news/item/Trustwave-issued-a-man-in-the-middle-certificate-1429982.html).

Of course, if you don't use a VPN you are subject to a MITM attack from your ISP and, depending on your country's network topography, your government. So you have to decide who you're more worried about - the VPN provider or your ISP/government.

If you have very sensitive data that you're worried about the best thing would be not to put in on the Internet (or on any Internet-connected machine) even in encrypted form.

A VPN is no more hostile than the Internet "in general". The VPN is a "private network": it is protected against the large Internet; but if the VPN is itself an evil entity, then you are back to where you began. To a slight extent, a corrupt VPN would make the task a bit easier for the attacker because, by construction, all your packets will go through the VPN, but this does not change the situation in a qualitative way.

SSL has been designed to resist an hostile Internet. This still relies on a proper instantiation; crucially, you shall mind the browser warnings, because if you allow your connections to use an unverified server certificate, then security goes down the drain.

Of course, if your specific VPN included the installation of some local software, and you have reasons to believe that this software could be ill-intentioned towards you, then all bets are off. Practically, this software might have installed an additional root CA that it controls, which would allow an accomplice to mount a man-in-the-middle attack which does not trigger browser warnings. There are some enterprise products which do just that (employees have long learned that with SSL they can escape the filters used by their sysadmins on the workplace; sysadmins are currently getting up-to-date). Bottom-line: SSL protects the transfer of data between your computer and the target server; it does nothing about the integrity of your computer.

Is there a way to find out if I have any malicious root certificates on my computer? This might be helpful when using VPNs that require a software install.
–
PieterOct 2 '12 at 19:35

You could look at the list (on Windows, run certmgr.msc and have a look at the trust anchors, aka "root certificates") but there are many CA there. Although, realistically, if you executed some installer from a hostile source, then you can be sure of nothing except that your computer is no longer yours...
–
Thomas PorninOct 2 '12 at 19:49

Well, it's not always clear whether a hostile source is involved. I'm no security expert, so I cannot screen software-dependent VPN providers. I can see if they list a physical address, look up what security experts are saying about them and check that their installers carry a valid certificate that was issued by a trusted provider. But are services like Hotspot Shield, HideMyAss or Witopia hostile? I wouldn't know. I can't analyze every registry change, every network packet they send/receive and so forth. I don't have the time, patience and knowhow.
–
PieterOct 3 '12 at 10:39

Yes, it's possible, if they're using attacks like sslstrip or sslsniff. These essentially perform a man-in-the-middle and provide fake certificates, or redirect HTTPS traffic to HTTP. It's not transparent on the user-end unless the attackers compromise the CA's certificate, so a warning will be shown if the certificate is invalid.